The NetBSD Project

CVS log for pkgsrc/sysutils/xenkernel42/Attic/Makefile

[BACK] Up to [cvs.NetBSD.org] / pkgsrc / sysutils / xenkernel42

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.36, Wed Aug 19 10:39:22 2020 UTC (3 years, 6 months ago) by bouyer
Branch: MAIN
CVS Tags: HEAD
Changes since 1.35: +1 -1 lines
FILE REMOVED

Remove xenkernel and xentools packages older than 4.11.
They're not maintained anymore upstream, and don't build on supported NetBSD
releases.

Revision 1.35 / (download) - annotate - [select for diffs], Mon Jul 15 16:24:18 2019 UTC (4 years, 7 months ago) by nia
Branch: MAIN
CVS Tags: pkgsrc-2020Q2-base, pkgsrc-2020Q2, pkgsrc-2020Q1-base, pkgsrc-2020Q1, pkgsrc-2019Q4-base, pkgsrc-2019Q4, pkgsrc-2019Q3-base, pkgsrc-2019Q3
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

Use https for xenproject.org.

Revision 1.34 / (download) - annotate - [select for diffs], Thu Apr 25 07:33:22 2019 UTC (4 years, 10 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2019Q2-base, pkgsrc-2019Q2
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

PKGREVISION bump for anything using python without a PYPKGPREFIX.

This is a semi-manual PKGREVISION bump.

Revision 1.33 / (download) - annotate - [select for diffs], Tue Jul 24 17:29:08 2018 UTC (5 years, 7 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2019Q1-base, pkgsrc-2019Q1, pkgsrc-2018Q4-base, pkgsrc-2018Q4, pkgsrc-2018Q3-base, pkgsrc-2018Q3
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored)

sysutils/xen*: invert python version logic, only 2.7 is ok.

Mostly so we don't match python37 on xen 4.11, but also because python3
is a moving target and this saves us having to add the next version.

Revision 1.32 / (download) - annotate - [select for diffs], Tue Jul 3 05:03:34 2018 UTC (5 years, 7 months ago) by adam
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored)

extend PYTHON_VERSIONS_ for Python 3.7

Revision 1.31 / (download) - annotate - [select for diffs], Mon Jan 15 09:47:54 2018 UTC (6 years, 1 month ago) by jperkin
Branch: MAIN
CVS Tags: pkgsrc-2018Q2-base, pkgsrc-2018Q2, pkgsrc-2018Q1-base, pkgsrc-2018Q1
Changes since 1.30: +2 -2 lines
Diff to previous 1.30 (colored)

xen*: Use SSP_SUPPORTED=no instead of PKGSRC_USE_SSP=no.

Revision 1.30 / (download) - annotate - [select for diffs], Mon Jul 24 08:53:45 2017 UTC (6 years, 7 months ago) by maya
Branch: MAIN
CVS Tags: pkgsrc-2017Q4-base, pkgsrc-2017Q4, pkgsrc-2017Q3-base, pkgsrc-2017Q3
Changes since 1.29: +3 -1 lines
Diff to previous 1.29 (colored)

Don't force enable ssp on xenkernel packages. fixes build

Revision 1.29 / (download) - annotate - [select for diffs], Thu Apr 13 13:08:33 2017 UTC (6 years, 10 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2017Q2-base, pkgsrc-2017Q2
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Change http://bits.xensource.com/oss-xen/release/ to
https://downloads.xenproject.org/release/xen/, as new releases won't
be uploaded to bits.xensource.com

Revision 1.28 / (download) - annotate - [select for diffs], Tue Feb 14 21:36:15 2017 UTC (7 years ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2017Q1-base, pkgsrc-2017Q1
Changes since 1.27: +5 -2 lines
Diff to previous 1.27 (colored)

Ignore a couple more warnings when building with clang.

Revision 1.27 / (download) - annotate - [select for diffs], Sun Jan 1 14:43:58 2017 UTC (7 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)

Add python-3.6 to incompatible versions.

Revision 1.26 / (download) - annotate - [select for diffs], Wed Dec 21 15:35:44 2016 UTC (7 years, 2 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2016Q4-base, pkgsrc-2016Q4
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

Apply patch backported from upstream, fixing XSA-202
Bump PKGREVISION

Revision 1.25 / (download) - annotate - [select for diffs], Tue Dec 20 10:22:28 2016 UTC (7 years, 2 months ago) by bouyer
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

Apply upstream patch for XSA-199, XSA-200 and XSA-204.
Bump PKGREVISIONs

Revision 1.24 / (download) - annotate - [select for diffs], Tue Nov 22 20:55:29 2016 UTC (7 years, 3 months ago) by bouyer
Branch: MAIN
Changes since 1.23: +2 -2 lines
Diff to previous 1.23 (colored)

Backport upstream patches, fixing today's XSA 191, 192, 195, 197, 198.
Bump PKGREVISIONs

Revision 1.23 / (download) - annotate - [select for diffs], Thu Sep 8 15:41:01 2016 UTC (7 years, 5 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2016Q3-base, pkgsrc-2016Q3
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

Backport upstream patches for security issues:
XSA-185: x86: Disallow L3 recursive pagetable for 32-bit PV guests
XSA-187: x86 HVM: Overflow of sh_ctxt->seg_reg[]
bump PKGREVISION

Revision 1.20.4.1 / (download) - annotate - [select for diffs], Thu Jul 28 13:54:43 2016 UTC (7 years, 6 months ago) by spz
Branch: pkgsrc-2016Q2
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored) next main 1.21 (colored)

Pullup ticket #5071 - requested by bouyer
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.22
- sysutils/xenkernel42/distinfo                                 1.20
- sysutils/xenkernel42/patches/patch-XSA-182                    1.1

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Tue Jul 26 15:38:00 UTC 2016

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches: patch-XSA-182

   Log Message:
   Apply security patch from XSA-182. Bump PKGREVISION
   xen 4.2 is not vulnerable to XSA-183.


   To generate a diff of this commit:
   cvs rdiff -u -r1.21 -r1.22 pkgsrc/sysutils/xenkernel42/Makefile
   cvs rdiff -u -r1.19 -r1.20 pkgsrc/sysutils/xenkernel42/distinfo
   cvs rdiff -u -r0 -r1.1 pkgsrc/sysutils/xenkernel42/patches/patch-XSA-182

Revision 1.22 / (download) - annotate - [select for diffs], Tue Jul 26 15:38:00 2016 UTC (7 years, 7 months ago) by bouyer
Branch: MAIN
Changes since 1.21: +2 -2 lines
Diff to previous 1.21 (colored)

Apply security patch from XSA-182. Bump PKGREVISION
xen 4.2 is not vulnerable to XSA-183.

Revision 1.21 / (download) - annotate - [select for diffs], Sat Jul 9 13:04:08 2016 UTC (7 years, 7 months ago) by wiz
Branch: MAIN
Changes since 1.20: +2 -2 lines
Diff to previous 1.20 (colored)

Remove python33: adapt all packages that refer to it.

Revision 1.19.2.1 / (download) - annotate - [select for diffs], Mon Jan 11 20:37:17 2016 UTC (8 years, 1 month ago) by bsiegert
Branch: pkgsrc-2015Q4
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored) next main 1.20 (colored)

Pullup ticket #4886 - requested by bouyer
sysutils/xenkernel42: security fix
sysutils/xentools42: security fix

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.20
- sysutils/xenkernel42/distinfo                                 1.19
- sysutils/xenkernel42/patches/patch-CVE-2015-5307              1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-8339              1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-8555              1.1
- sysutils/xenkernel42/patches/patch-XSA-166                    1.1
- sysutils/xentools42/Makefile                                  1.41
- sysutils/xentools42/distinfo                                  1.22
- sysutils/xentools42/patches/patch-CVE-2015-8550               1.1
- sysutils/xentools42/patches/patch-CVE-2015-8554               1.1

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Thu Jan  7 17:53:59 UTC 2016

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   	pkgsrc/sysutils/xentools42: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-5307
   	    patch-CVE-2015-8339 patch-CVE-2015-8555 patch-XSA-166
   	pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-8550
   	    patch-CVE-2015-8554

   Log Message:
   pply patches from Xen repository, fixing:
   CVE-2015-5307 and CVE-2015-8104 aka XSA-156
   CVE-2015-8339 and CVE-2015-8340 aka XSA-159
   CVE-2015-8555 aka XSA-165
   XSA-166
   CVE-2015-8550 aka XSA-155
   CVE-2015-8554 aka XSA-164
   Bump pkgrevision

Revision 1.20 / (download) - annotate - [select for diffs], Thu Jan 7 17:53:58 2016 UTC (8 years, 1 month ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2016Q2-base, pkgsrc-2016Q1-base, pkgsrc-2016Q1
Branch point for: pkgsrc-2016Q2
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

pply patches from Xen repository, fixing:
CVE-2015-5307 and CVE-2015-8104 aka XSA-156
CVE-2015-8339 and CVE-2015-8340 aka XSA-159
CVE-2015-8555 aka XSA-165
XSA-166
CVE-2015-8550 aka XSA-155
CVE-2015-8554 aka XSA-164
Bump pkgrevision

Revision 1.19 / (download) - annotate - [select for diffs], Sat Dec 5 21:26:00 2015 UTC (8 years, 2 months ago) by adam
Branch: MAIN
CVS Tags: pkgsrc-2015Q4-base
Branch point for: pkgsrc-2015Q4
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

Extend PYTHON_VERSIONS_INCOMPATIBLE to 35

Revision 1.17.2.1 / (download) - annotate - [select for diffs], Wed Nov 4 20:02:32 2015 UTC (8 years, 3 months ago) by bsiegert
Branch: pkgsrc-2015Q3
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored) next main 1.18 (colored)

Pullup ticket #4849 - requested by bouyer
sysutils/xenkernel42: security fix

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.18
- sysutils/xenkernel42/distinfo                                 1.17
- sysutils/xenkernel42/patches/patch-CVE-2015-7835              1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-7969              1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-7971              1.1

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Thu Oct 29 21:59:16 UTC 2015

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-7835
   	    patch-CVE-2015-7969 patch-CVE-2015-7971

   Log Message:
   Add patches, derived from Xen security advisory, fixing:
   CVE-2015-7835 aka XSA-148
   CVE-2015-7869 aka XSA-149 + XSA-151
   CVE-2015-7971 aka XSA-152
   Bump PKGREVISION

Revision 1.18 / (download) - annotate - [select for diffs], Thu Oct 29 21:59:16 2015 UTC (8 years, 3 months ago) by bouyer
Branch: MAIN
Changes since 1.17: +2 -2 lines
Diff to previous 1.17 (colored)

Add patches, derived from Xen security advisory, fixing:
CVE-2015-7835 aka XSA-148
CVE-2015-7869 aka XSA-149 + XSA-151
CVE-2015-7971 aka XSA-152
Bump PKGREVISION

Revision 1.17 / (download) - annotate - [select for diffs], Sun Aug 23 16:17:12 2015 UTC (8 years, 6 months ago) by spz
Branch: MAIN
CVS Tags: pkgsrc-2015Q3-base
Branch point for: pkgsrc-2015Q3
Changes since 1.16: +2 -2 lines
Diff to previous 1.16 (colored)

Apply patches for XSA-128 to XSA-140 from upstream

do a patch refresh in xentools42

rather than split the patches for pass-through.c over 5 files, delete
xentools42/patches/patch-CVE-2015-2756 and assemble all in
xentools42/patches/patch-qemu-xen-traditional_hw_pass-through.c

Revision 1.14.2.2 / (download) - annotate - [select for diffs], Sat Jun 13 09:13:49 2015 UTC (8 years, 8 months ago) by spz
Branch: pkgsrc-2015Q1
Changes since 1.14.2.1: +1 -1 lines
Diff to previous 1.14.2.1 (colored) to branchpoint 1.14 (colored) next main 1.15 (colored)

Pullup ticket #4745 - requested by khorben
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.16
- sysutils/xenkernel42/distinfo                                 1.14
- sysutils/xenkernel42/patches/patch-CVE-2015-3456              1.1

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	khorben
   Date:		Fri Jun  5 18:18:41 UTC 2015

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-3456

   Log Message:
   Apply fixes from upstream for XSA-133

   XXX pull-ups


   To generate a diff of this commit:
   cvs rdiff -u -r1.15 -r1.16 pkgsrc/sysutils/xenkernel42/Makefile
   cvs rdiff -u -r1.13 -r1.14 pkgsrc/sysutils/xenkernel42/distinfo
   cvs rdiff -u -r0 -r1.1 \
       pkgsrc/sysutils/xenkernel42/patches/patch-CVE-2015-3456

Revision 1.16 / (download) - annotate - [select for diffs], Fri Jun 5 18:18:41 2015 UTC (8 years, 8 months ago) by khorben
Branch: MAIN
CVS Tags: pkgsrc-2015Q2-base, pkgsrc-2015Q2
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)

Apply fixes from upstream for XSA-133

XXX pull-ups

Revision 1.14.2.1 / (download) - annotate - [select for diffs], Wed Apr 29 21:11:12 2015 UTC (8 years, 9 months ago) by tron
Branch: pkgsrc-2015Q1
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Pullup ticket #4698 - requested by spz
Pullup ticket #4698 - requested by spz
sysutils/xenkernel41: security patch
sysutils/xenkernel42: security patch
sysutils/xenkernel45: security patch

Revisions pulled up:
- sysutils/xenkernel41/Makefile                                 1.45
- sysutils/xenkernel41/distinfo                                 1.36
- sysutils/xenkernel41/patches/patch-CVE-2015-2752              1.1
- sysutils/xenkernel41/patches/patch-CVE-2015-2756              1.1
- sysutils/xenkernel42/Makefile                                 1.15
- sysutils/xenkernel42/distinfo                                 1.13
- sysutils/xenkernel42/patches/patch-CVE-2015-2752              1.1
- sysutils/xenkernel42/patches/patch-CVE-2015-2756              1.1
- sysutils/xenkernel45/Makefile                                 1.6
- sysutils/xenkernel45/distinfo                                 1.5
- sysutils/xenkernel45/patches/patch-CVE-2015-2752              1.1
- sysutils/xenkernel45/patches/patch-CVE-2015-2756              1.1
- sysutils/xentools41/Makefile                                  1.50
- sysutils/xentools41/distinfo                                  1.38
- sysutils/xentools41/patches/patch-CVE-2015-2752               1.1
- sysutils/xentools41/patches/patch-CVE-2015-2756               1.1
- sysutils/xentools42/Makefile                                  1.27
- sysutils/xentools42/distinfo                                  1.16
- sysutils/xentools42/patches/patch-CVE-2015-2752               1.1
- sysutils/xentools42/patches/patch-CVE-2015-2756               1.1
- sysutils/xentools45/Makefile                                  1.6
- sysutils/xentools45/distinfo                                  1.6
- sysutils/xentools45/patches/patch-CVE-2015-2752               1.1
- sysutils/xentools45/patches/patch-CVE-2015-2756               1.1

---
   Module Name:	pkgsrc
   Committed By:	spz
   Date:		Sun Apr 19 13:13:21 UTC 2015

   Modified Files:
   	pkgsrc/sysutils/xenkernel41: Makefile distinfo
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   	pkgsrc/sysutils/xenkernel45: Makefile distinfo
   	pkgsrc/sysutils/xentools41: Makefile distinfo
   	pkgsrc/sysutils/xentools42: Makefile distinfo
   	pkgsrc/sysutils/xentools45: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel41/patches: patch-CVE-2015-2752
   	    patch-CVE-2015-2756
   	pkgsrc/sysutils/xenkernel42/patches: patch-CVE-2015-2752
   	    patch-CVE-2015-2756
   	pkgsrc/sysutils/xenkernel45/patches: patch-CVE-2015-2752
   	    patch-CVE-2015-2756
   	pkgsrc/sysutils/xentools41/patches: patch-CVE-2015-2752
   	    patch-CVE-2015-2756
   	pkgsrc/sysutils/xentools42/patches: patch-CVE-2015-2752
   	    patch-CVE-2015-2756
   	pkgsrc/sysutils/xentools45/patches: patch-CVE-2015-2752
   	    patch-CVE-2015-2756

   Log Message:
   apply fixes from upstream for
   XSA-125 Long latency MMIO mapping operations are not preemptible
   XSA-126 Unmediated PCI command register access in qemu

Revision 1.15 / (download) - annotate - [select for diffs], Sun Apr 19 13:13:20 2015 UTC (8 years, 10 months ago) by spz
Branch: MAIN
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

apply fixes from upstream for
XSA-125 Long latency MMIO mapping operations are not preemptible
XSA-126 Unmediated PCI command register access in qemu

Revision 1.14 / (download) - annotate - [select for diffs], Wed Mar 18 15:05:51 2015 UTC (8 years, 11 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2015Q1-base
Branch point for: pkgsrc-2015Q1
Changes since 1.13: +3 -2 lines
Diff to previous 1.13 (colored)

Fix build with Clang.

Revision 1.13 / (download) - annotate - [select for diffs], Tue Mar 10 19:50:15 2015 UTC (8 years, 11 months ago) by spz
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)

xsa123-4.3-4.2.patch from upstream:
x86emul: fully ignore segment override for register-only operations

For ModRM encoded instructions with register operands we must not
overwrite ea.mem.seg (if a - bogus in that case - segment override was
present) as it aliases with ea.reg.

This is CVE-2015-2151 / XSA-123.

Revision 1.12 / (download) - annotate - [select for diffs], Thu Mar 5 13:44:57 2015 UTC (8 years, 11 months ago) by spz
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)

Add patches for XSA-121 and XSA-122 from upstream.

Revision 1.11 / (download) - annotate - [select for diffs], Tue Dec 30 08:14:15 2014 UTC (9 years, 1 month ago) by spz
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

fixing XSA-114 from upstream patch

Revision 1.10 / (download) - annotate - [select for diffs], Thu Nov 27 15:20:31 2014 UTC (9 years, 3 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2014Q4-base, pkgsrc-2014Q4
Changes since 1.9: +2 -2 lines
Diff to previous 1.9 (colored)

Apply patch from Xen advisory:
CVE-2014-8594/XSA-109:
x86: don't allow page table updates on non-PV page tables in do_mmu_update(),
fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.

CVE-2014-8595/XSA-110:
x86emul: enforce privilege level restrictions when loading CS, fixing:
Malicious HVM guest user mode code may be able to elevate its
privileges to guest supervisor mode, or to crash the guest.


CVE-2014-8866/XSA-111:
x86: limit checks in hypercall_xlat_continuation() to actual arguments, fixing:
A buggy or malicious HVM guest can crash the host.

CVE-2014-8867/XSA-112:
x86/HVM: confine internally handled MMIO to solitary regions, fixing:
A buggy or malicious HVM guest can crash the host.

CVE-2014-9030/XSA-113:
x86/mm: fix a reference counting error in MMU_MACHPHYS_UPDATE, fixing:
Malicious or buggy stub domain kernels or tool stacks otherwise living
outside of Domain0 can mount a denial of service attack which, if
successful, can affect the whole system.

Revision 1.8.2.1 / (download) - annotate - [select for diffs], Sat Oct 4 15:39:18 2014 UTC (9 years, 4 months ago) by tron
Branch: pkgsrc-2014Q3
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored) next main 1.9 (colored)

Pullup ticket #4514 - requested by bouyer
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.9
- sysutils/xenkernel42/distinfo                                 1.7
- sysutils/xenkernel42/patches/patch-xen_arch_x86_hvm_hvm.c     1.1

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Wed Oct  1 17:34:55 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches: patch-xen_arch_x86_hvm_hvm.c

   Log Message:
   Add patch from upstream, fixing CVE-2014-7188 / XSA-108:
   Improper MSR range used for x2APIC emulation
   Bump PKGREVISION

Revision 1.9 / (download) - annotate - [select for diffs], Wed Oct 1 17:34:54 2014 UTC (9 years, 4 months ago) by bouyer
Branch: MAIN
Changes since 1.8: +2 -1 lines
Diff to previous 1.8 (colored)

Add patch from upstream, fixing CVE-2014-7188 / XSA-108:
Improper MSR range used for x2APIC emulation
Bump PKGREVISION

Revision 1.7.2.1 / (download) - annotate - [select for diffs], Sun Sep 28 13:28:58 2014 UTC (9 years, 4 months ago) by tron
Branch: pkgsrc-2014Q2
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored) next main 1.8 (colored)

Pullup ticket #4506 - requested by bouyer
sysutils/xenkernel42: security patch

Revisions pulled up:
- sysutils/xenkernel42/Makefile                                 1.8
- sysutils/xenkernel42/distinfo                                 1.6
- sysutils/xenkernel42/patches/patch-xen_arch_x86_mm_shadow_common.c 1.1
- sysutils/xenkernel42/patches/patch-xen_arch_x86_x86_emulate_x86_emulate.c 1.1
- sysutils/xentools42/Makefile                                  1.23
- sysutils/xentools42/distinfo                                  1.12

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Fri Sep 26 10:39:32 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/xenkernel42: Makefile distinfo
   	pkgsrc/sysutils/xentools42: distinfo
   Added Files:
   	pkgsrc/sysutils/xenkernel42/patches:
   	    patch-xen_arch_x86_mm_shadow_common.c
   	    patch-xen_arch_x86_x86_emulate_x86_emulate.c

   Log Message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts

---
   Module Name:	pkgsrc
   Committed By:	bouyer
   Date:		Fri Sep 26 10:40:45 UTC 2014

   Modified Files:
   	pkgsrc/sysutils/xentools42: Makefile

   Log Message:
   Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
   CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
   CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
     created
   CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
   CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

   pkgsrc also includes patches from the Xen Security Advisory:
   XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
   XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
     LIDT, and LMSW emulation
   XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
     of software interrupts

Revision 1.8 / (download) - annotate - [select for diffs], Fri Sep 26 10:39:31 2014 UTC (9 years, 5 months ago) by bouyer
Branch: MAIN
CVS Tags: pkgsrc-2014Q3-base
Branch point for: pkgsrc-2014Q3
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Update xentools42 and xenkernel42 to Xen 4.2.5, fixing:
CVE-2014-2599 / XSA-89 HVMOP_set_mem_access is not preemptible
CVE-2014-3124 / XSA-92 HVMOP_set_mem_type allows invalid P2M entries to be
  created
CVE-2014-3967,CVE-2014-3968 / XSA-96 Vulnerabilities in HVM MSI injection
CVE-2014-4021 / XSA-100 Hypervisor heap contents leaked to guests

pkgsrc also includes patches from the Xen Security Advisory:
XSA-104 (CVE-2014-7154) - Race condition in HVMOP_track_dirty_vram
XSA-105 (CVE-2014-7155) - Missing privilege level checks in x86 HLT, LGDT,
  LIDT, and LMSW emulation
XSA-106 (CVE-2014-7156) - Missing privilege level checks in x86 emulation
  of software interrupts

Revision 1.7 / (download) - annotate - [select for diffs], Fri May 9 07:37:20 2014 UTC (9 years, 9 months ago) by wiz
Branch: MAIN
CVS Tags: pkgsrc-2014Q2-base
Branch point for: pkgsrc-2014Q2
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)

Mark packages that are not ready for python-3.3 also not ready for 3.4,
until proven otherwise.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Feb 22 01:22:49 2014 UTC (10 years ago) by prlw1
Branch: MAIN
CVS Tags: pkgsrc-2014Q1-base, pkgsrc-2014Q1
Changes since 1.5: +2 -2 lines
Diff to previous 1.5 (colored)

Update xenkernel42 to 4.2.4

This fixes the following critical vulnerabilities:

- CVE-2013-2212 / XSA-60 Excessive time to disable caching with HVM guests with PCI passthrough
- CVE-2013-1442 / XSA-62 Information leak on AVX and/or LWP capable CPUs
- CVE-2013-4355 / XSA-63 Information leaks through I/O instruction emulation
- CVE-2013-4361 / XSA-66 Information leak through fbld instruction emulation
- CVE-2013-4368 / XSA-67 Information leak through outs instruction emulation
- CVE-2013-4369 / XSA-68 possible null dereference when parsing vif ratelimiting info
- CVE-2013-4370 / XSA-69 misplaced free in ocaml xc_vcpu_getaffinity stub
- CVE-2013-4371 / XSA-70 use-after-free in libxl_list_cpupool under memory pressure
- CVE-2013-4375 / XSA-71 qemu disk backend (qdisk) resource leak
- CVE-2013-4416 / XSA-72 ocaml xenstored mishandles oversized message replies
- CVE-2013-4494 / XSA-73 Lock order reversal between page allocation and grant table locks
- CVE-2013-4553 / XSA-74 Lock order reversal between page_alloc_lock and mm_rwlock
- CVE-2013-4551 / XSA-75 Host crash due to guest VMX instruction execution
- CVE-2013-4554 / XSA-76 Hypercalls exposed to privilege rings 1 and 2 of HVM guests
- CVE-2013-6375 / XSA-78 Insufficient TLB flushing in VT-d (iommu) code
- CVE-2013-6400 / XSA-80 IOMMU TLB flushing may be inadvertently suppressed
- CVE-2013-6885 / XSA-82 Guest triggerable AMD CPU erratum may cause host hang
- CVE-2014-1642 / XSA-83 Out-of-memory condition yielding memory corruption during IRQ setup
- CVE-2014-1891 / XSA-84 integer overflow in several XSM/Flask hypercalls
- CVE-2014-1895 / XSA-85 Off-by-one error in FLASK_AVC_CACHESTAT hypercall
- CVE-2014-1896 / XSA-86 libvchan failure handling malicious ring indexes
- CVE-2014-1666 / XSA-87 PHYSDEVOP_{prepare,release}_msix exposed to unprivileged guests
- CVE-2014-1950 / XSA-88 use-after-free in xc_cpupool_getinfo() under memory pressure

Apart from those there are many further bug fixes and improvements.

Revision 1.5 / (download) - annotate - [select for diffs], Sat Jan 25 10:30:22 2014 UTC (10 years, 1 month ago) by wiz
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

Mark packages as not ready for python-3.x where applicable;
either because they themselves are not ready or because a
dependency isn't. This is annotated by
PYTHON_VERSIONS_INCOMPATIBLE=  33 # not yet ported as of x.y.z
or
PYTHON_VERSIONS_INCOMPATIBLE=  33 # py-foo, py-bar
respectively, please use the same style for other packages,
and check during updates.

Use versioned_dependencies.mk where applicable.
Use REPLACE_PYTHON instead of handcoded alternatives, where applicable.
Reorder Makefile sections into standard order, where applicable.

Remove PYTHON_VERSIONS_INCLUDE_3X lines since that will be default
with the next commit.

Whitespace cleanups and other nits corrected, where necessary.

Revision 1.4 / (download) - annotate - [select for diffs], Thu Nov 7 00:47:39 2013 UTC (10 years, 3 months ago) by joerg
Branch: MAIN
CVS Tags: pkgsrc-2013Q4-base, pkgsrc-2013Q4
Changes since 1.3: +3 -2 lines
Diff to previous 1.3 (colored)

Catch up with Clang ToT when it comes to various warnings and
unsupported options.

Revision 1.3 / (download) - annotate - [select for diffs], Thu Sep 12 23:37:18 2013 UTC (10 years, 5 months ago) by prlw1
Branch: MAIN
CVS Tags: pkgsrc-2013Q3-base, pkgsrc-2013Q3
Changes since 1.2: +2 -3 lines
Diff to previous 1.2 (colored)

Update xen to 4.2.3

- Add warning if /kern/xen/privcmd is not readable

Fixes the following critical vulnerabilities:
 * CVE-2013-1918 / XSA-45:
    Several long latency operations are not preemptible
 * CVE-2013-1952 / XSA-49:
    VT-d interrupt remapping source validation flaw for bridges
 * CVE-2013-2076 / XSA-52:
    Information leak on XSAVE/XRSTOR capable AMD CPUs
 * CVE-2013-2077 / XSA-53:
    Hypervisor crash due to missing exception recovery on XRSTOR
 * CVE-2013-2078 / XSA-54:
    Hypervisor crash due to missing exception recovery on XSETBV
 * CVE-2013-2194, CVE-2013-2195, CVE-2013-2196 / XSA-55:
    Multiple vulnerabilities in libelf PV kernel handling
 * CVE-2013-2072 / XSA-56:
    Buffer overflow in xencontrol Python bindings affecting xend
 * CVE-2013-2211 / XSA-57:
    libxl allows guest write access to sensitive console related xenstore keys
 * CVE-2013-1432 / XSA-58:
    Page reference counting error due to XSA-45/CVE-2013-1918 fixes
 * XSA-61:
    libxl partially sets up HVM passthrough even with disabled iommu

The following minor vulnerability is also being addressed:
 * CVE-2013-2007 / XSA-51
    qemu guest agent (qga) insecure file permissions

Among many bug fixes and improvements:
 * addressing a regression from the fix for XSA-46
 * bug fixes to low level system state handling, including certain
    hardware errata workarounds

Revision 1.2 / (download) - annotate - [select for diffs], Wed Jun 19 14:03:41 2013 UTC (10 years, 8 months ago) by gdt
Branch: MAIN
CVS Tags: pkgsrc-2013Q2-base, pkgsrc-2013Q2
Changes since 1.1: +2 -1 lines
Diff to previous 1.1 (colored)

Explain xen version differences.

There are 5 versions of xen in pkgsrc, which is confusing.  Explain in
DESCR which version is in which package (xenkernel3 contains 3.1), and
which versions support PCI passthrough (only 3.1).  Explain which
versions support non-PAE (3.1) and PAE (3.3, 4.1, 4.2), because the
HOWTO is out of date and it's easy to end up with a non-working system
on a 3.1 to 3.3 update.  Cuation that 2.0 is beyond crufty.

This is a DESCR-only change (with PKGREVISION++ of course).

(ok during freeze agc@)

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed May 15 05:32:12 2013 UTC (10 years, 9 months ago) by jnemeth
Branch: TNF
CVS Tags: pkgsrc-base
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Initial import of Xen 4.2.  This is kernel part.

---- 4.2.2

Xen 4.2.2 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.1 upgrade to Xen 4.2.2.

    This release fixes the following critical vulnerabilities:
        CVE-2012-5634 / XSA-33: VT-d interrupt remapping source
            validation flaw
        CVE-2013-0151 / XSA-34: nested virtualization on 32-bit
            exposes host crash
        CVE-2013-0152 / XSA-35: Nested HVM exposes host to being
            driven out of memory by guest
        CVE-2013-0153 / XSA-36: interrupt remap entries shared and
            old ones not cleared on AMD IOMMUs
        CVE-2013-0154 / XSA-37: Hypervisor crash due to incorrect
            ASSERT (debug build only)
        CVE-2013-0215 / XSA-38: oxenstored incorrect handling of
            certain Xenbus ring states
        CVE-2012-6075 / XSA-41: qemu (e1000 device driver): Buffer
            overflow when processing large packets
        CVE-2013-1917 / XSA-44: Xen PV DoS vulnerability with SYSENTER
        CVE-2013-1919 / XSA-46: Several access permission issues with
            IRQs for unprivileged guests
        CVE-2013-1920 / XSA-47: Potential use of freed memory in event
            channel operations
        CVE-2013-1922 / XSA-48: qemu-nbd format-guessing due to missing
            format specification
    This release contains many bug fixes and improvements (around
    100 since Xen 4.2.1). The highlights are:
        ACPI APEI/ERST finally working on production systems
        Bug fixes for other low level system state handling
        Bug fixes and improvements to the libxl tool stack
        Bug fixes to nested virtualization

----- 4.2.1

Xen 4.2.1 is a maintenance release in the 4.2 series and contains:
We recommend that all users of Xen 4.2.0 upgrade to Xen 4.2.1.

    The release fixes the following critical vulnerabilities:
        CVE-2012-4535 / XSA-20: Timer overflow DoS vulnerability
        CVE-2012-4537 / XSA-22: Memory mapping failure DoS vulnerability
        CVE-2012-4538 / XSA-23: Unhooking empty PAE entries DoS vulnerability
        CVE-2012-4539 / XSA-24: Grant table hypercall infinite
            loop DoS vulnerability
        CVE-2012-4544, CVE-2012-2625 / XSA-25: Xen domain builder
            Out-of-memory due to malicious kernel/ramdisk
        CVE-2012-5510 / XSA-26: Grant table version switch list
            corruption vulnerability
        CVE-2012-5511 / XSA-27: Several HVM operations do not
            validate the range of their inputs
        CVE-2012-5513 / XSA-29: XENMEM_exchange may overwrite hypervisor memory
        CVE-2012-5514 / XSA-30: Broken error handling in
            guest_physmap_mark_populate_on_demand()
        CVE-2012-5515 / XSA-31: Several memory hypercall operations
            allow invalid extent order values
        CVE-2012-5525 / XSA-32: several hypercalls do not validate input GFNs
    Among many bug fixes and improvements (around 100 since Xen 4.2.0):
        A fix for a long standing time management issue
        Bug fixes for S3 (suspend to RAM) handling
        Bug fixes for other low level system state handling
        Bug fixes and improvements to the libxl tool stack
        Bug fixes to nested virtualization


----- 4.2.0

The Xen 4.2 release contains a number of important new features
and updates including:

The release incorporates many new features and improvements to
existing features. There are improvements across the board including
to Security, Scalability, Performance and Documentation.

    XL is now the default toolstack: Significant effort has gone
in to the XL tool toolstack in this release and it is now feature
complete and robust enough that we have made it the default. This
toolstack can now replace xend in the majority of deployments, see
XL vs Xend Feature Comparison. As well as improving XL the underlying
libxl library has been significantly improved and supports the
majority of the most common toolstack features. In addition the
API has been declared stable which should make it even easier for
external toolstack such as libvirt and XCP's xapi to make full use
of this functionality in the future.

    Large Systems: Following on from the improvements made in 4.1
Xen now supports even larger systems, with up to 4095 host CPUs
and up to 512 guest CPUs. In addition toolstack feature like the
ability to automatically create a CPUPOOL per NUMA node and more
intelligent placement of guest VCPUs on NUMA nodes have further
improved the Xen experience on large systems.  Other new features,
such as multiple PCI segment support have also made a positive
impact on such systems.

    Improved security: The XSM/Flask subsystem has seen several
enhancements, including improved support for disaggregated systems
and a rewritten example policy which is clearer and simpler to
modify to suit local requirements.

    Documentation: The Xen documentation has been much improved,
both the in-tree documentation and the wiki. This is in no small
part down to the success of the Xen Document Days so thanks to all
who have taken part.

Revision 1.1 / (download) - annotate - [select for diffs], Wed May 15 05:32:12 2013 UTC (10 years, 9 months ago) by jnemeth
Branch: MAIN

Initial revision

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>